Reference Library: Standards
References and descriptions of IT- and audit-related standards and standards-setting organizations.
American Bankers Association (ABA)
ABA brings together all elements of the banking community to promote the strength and profitability of the industry, and provides products and services, public affairs support, and legal services.
American Institute of Certified Public Accountants (AICPA)
The AICPA is the professional association for certified public accountants in the United States.
American National Standards Institute (ANSI)
ANSI promotes the use of U.S. standards internationally, advocates U.S. policy and technical positions in international and regional standards organizations, and encourages the adoption of international standards as national standards where these meet the needs of the user community.
American Society of Industrial Security (ASIS)
The largest international organization for security professionals is dedicated to increasing effectiveness and productivity with educational programs and materials that focus on both fundamentals and recent advancements.
Bank Administration Institute (BAI)
BAI's mission is to establish banking companies as the preeminent providers of financial services by offering high quality, relevant, objective information and programs.
Bank for International Settlements (BIS)
BIS is an international organization that fosters cooperation toward monetary and financial stability and serves as a central bank.
Basel Committee on Banking Supervision
Publications of the Basel Committee cover topics relevant to management, control, security, audit, and legal professions, and are available in English, French, German, and Italian.
BITS, the Technology Group for the Financial Services Roundtable, is the strategic "brain trust" for the U.S. financial services industry in the e-commerce arena.
British Computer Society (BCS)
Under its Royal Charter, the society has responsibilities for education and training, for public awareness, and for standards, quality, and professionalism for IT professionals.
British Standards Institute (BSI)
BSI ensures the views of British industry are represented in international standards bodies.
Canadian Institute of Chartered Accountants (CICA)
CICA upholds the professional integrity and standards of Canada's chartered accountants by enhancing the quality and quantity of financial information produced by organizations and helping members add value to their clients.
Certified Financial Planner Board of Standards
This nonprofit professional regulatory organization was founded in 1985 to benefit the public by fostering professional standards in personal financial planning.
Communications Security Establishment (CSE) - Canada
CSE delivers information technology security solutions to the government of Canada, featuring the Common Criteria Evaluation and Certification Scheme third party evaluation and certification service.
COSO Enterprise Risk Management—Integrated Framework
The Committee of Sponsoring Organizations of the Treadway Commission's Enterprise Risk Management—Integrated Framework describes the essential components, principles, and concepts of ERM.
DOE Technical Standards
The mission is to enhance the U.S. Department of Energy's transition to a standards-based culture by providing information, coordinating activities, and promoting the use of consensus standards and the development of technical standards.
Electronic Industries Alliance (EIA)
The EIA is a U.S. trade organization of electronic and high-tech associations and companies whose mission is promoting the market development and competitiveness of the U.S. high-tech industry.
EU Dependability Development Support Initiative (DDSI)
This site provides information about DDSI, an 18-month European Union (EU) project that developed critical infrastructure protection assessment plans for EU member nations and others.
European Computer Manufacturers Association (ECMA)
ECMA is an international, Europe-based industry association founded in 1961 and dedicated to the standardization of information and communication systems.
European Telecommunications Standards Institute
The European Telecommunications Standards Institute produces telecommunications standards that will be used throughout Europe.
Generally Accepted Principles and Practices for Securing Information Technology Systems
The National Institute of Standards and Technology (NIST) provides its version of pervasive information security principles, based on OECD Guidelines. [PDF]
Guidelines for the Security of Information Systems (OECD)
Guidelines created by the Organisation for Economic Co-operation and Development have been adopted or adapted by the 24 OECD member countries, as well as NIST, GASSPC, IFAC, IIA, NACD, and other organizations.
Information Society Standardization System (ISSS)
ISSS was created by the European Committee for Standardization with the International Organization for Standardization to include European Information Society standardization activities under a single umbrella.
Information Technology Industry Council (ITIC)
ITIC provides technology products and services in areas including international trade, telecommunications, e-commerce, intellectual property, technology, standards, and technical regulations.
Institute for Security and Open Methodologies (ISECOM)
ISECOM is a think tank that provides open standards and methodologies, collective information, and tools via the Internet, social venues, and conferences, under open source licenses for free public use.
Institute of Electrical and Electronics Engineers (IEEE)
IEEE sponsors conferences, symposia, and meetings, and publishes significant technical papers and standards to advance the theory and practice of electrical, electronics, computer engineering, and computer science.
Institute of Internal Auditors - Australia
IIA-Australia supports its members through the promotion and development of the role of internal auditing, including professional development activities, standards for the practice of internal auditing, and certification.
Institute of Internal Auditors (IIA)
The IIA is the world leader in internal auditing, governance, internal control, IT audit, education, risk management, and security.
International Chamber of Commerce (ICC)
ICC promotes international trade, investment and the market economy system worldwide; makes rules that govern the conduct of business across borders; and provides services including the ICC International Court of Arbitration.
International Federation of Accountants (IFAC)
IFAC is the global organization representing the accounting profession and develops accounting, audit, and assurance standards.
International Federation of Information Processing Societies (IFIPS)
This nongovernmental, nonprofit umbrella organization for national societies in the field of information processing maintains friendly connections to specialized agencies of the United Nations and nongovernmental organizations.
Internet Engineering Task Force (IETF)
The IETF community of network designers, operators, vendors, and researchers conducts technical work in its working groups, which are organized by topic such as routing, transport, and security.
Internet Mail Consortium
This international organization focuses on cooperatively managing and promoting the rapidly expanding world of electronic mail on the Internet, through information about e-mail standards and technology.
Internet Security Alliance
Internet Security Alliance provides a forum for sharing information on information security issues and threats and works to identify and standardize security best practices and solutions.
Internet Society (ISOC)
ISOC provides leadership in addressing issues that confront the future of the Internet and is the organizational home for groups responsible for Internet infrastructure standards.
ISACA serves the needs of IT governance professionals, develops global standards, administers the Certified Information Systems Auditor (CISA) designation, and publishes the Control Objectives for Information and Related Technology (COBIT).
ISF Standard of Good Practice for Information Security
The Standard is produced by the Information Security Forum to promote good practice in information security, help organizations improve security, and develop practical and effective standards for reducing information risk.
National Information Standards Organization (NISO)
NISO develops and promotes technical standards used in a wide variety of information services, by content publishers, libraries, and software developers.
National Institute of Standards and Technology
NIST technology, measurements, and standards help U.S. industry invent and manufacture superior products reliably, ensure a fair marketplace for consumers and businesses, and promote acceptance of U.S. products in foreign markets.
National Physical Laboratory
The UK's national measurement standards laboratory maintains the UK reference standards for the basic units of mass, length, time, temperature, luminous intensity, and electrical current, as well as many of the derived units.
NSSN: A National Resource for Global Standards
This one-stop information repository from the American National Standards Institute provides standards information.
OASIS is an industry consortium that develops technical standards for electronic business applications; OASIS developed the extensible markup language (XML) standard and continues to develop XML specifications.
Object Data Management Group
This nonprofit consortium of vendors and interested parties completed its work on object data management standards in 2001. Information on resources and standards is found on the site.
OECD Guidelines for the Security of Information Systems and Networks
These guidelines suggest the need for a greater awareness and understanding of security issues, including the need to develop a "culture of security."
Organisation for Economic Co-operation and Development (OECD)
OECD's 30 member countries share a commitment to democratic government and the market economy. OECD Guidelines for the Security of Information Systems have been adopted or adapted by standards organizations throughout the world.
Project Management Institute (PMI)
PMI is a nonprofit professional association that establishes standards and provides seminars, educational programs, and professional certification for project leaders.
This Web site provides general information about the Statement on Auditing Standards (SAS) No. 70 (SAS70).
Security Industry Association (SIA)
SIA promotes growth, expansion, and professionalism within the security industry; and provides education, research, technical standards, representation, and defense of members’ interests.
Security Requirements for Cryptographic Modules (FIPS 140-2)
Security requirements cover 11 areas related to the design and implementation of a cryptomodule and the assignment of a security level rating or a rating that reflects fulfillment of requirements for that area.
Software Process Improvement and Capability Determination
This international initiative aims to develop a Standard for Software Process Assessment.
Standards for Information Systems Auditing
These standards issued by the Standards Board of the ISACA are available in several languages and may be downloaded for offline viewing in Adobe format.
Techstreet provides industry standards and technical books from hundreds of organizations.
The ISO 17799 and ISO 27001 User Group
The ISO 17799 and ISO 27001 User Group is a free international online group of members in 40 countries dedicated to providing guidance on information security standards.
The Web Standards Project
The project is a coalition of Web developers and users with the mission to persuade browser makers to adopt Web standards.
Trusted Computing Platform Alliance (TCPA)
TCPA was formed by Hewlett-Packard, IBM, Intel, and Microsoft to improve the trust available within the personal computer. The site offers specifications, news and events, and work groups.
U.S. Federal Financial Institutions Examination Council
The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.
U.S. Government Auditing Standards
This site presents the current Government Auditing Standards (Yellow Book), exposure drafts currently out for comment, and related information, and provides an electronic codification of Government Auditing Standards.
Video Electronics Standards Association
The association's goal is to promote and develop timely, relevant, open display and display interface standards, ensuring interoperability, and encouraging innovation and market growth.
Wireless Ethernet Compatibility Alliance (WECA)
WECA certifies interoperability of Wi-Fi products and promotes Wi-Fi as the global wireless LAN standard across market segments. The site provides articles, press releases, case studies, briefings, and presentations.
XBRL International is a consortium of organizations working to develop standards for using the Extensible Business Reporting Language (XBRL) in financial reporting.
The Institute of Internal Auditors - 247 Maitland Avenue • Altamonte Springs, Florida 32701-4201 U.S.A.
All contents of this Web site, except where expressly stated, are the copyrighted property of The Institute of Internal Auditors Inc.